package com.huang.springsecurityoauth2.config.security;


import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.cors.CorsUtils;


/**
 * @Author HuangShen
 * @Description Security security配置文件
 * @Create 2021-01-12 10:41
 */
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and().headers().cacheControl();
        http.authorizeRequests().requestMatchers(CorsUtils::isPreFlightRequest).permitAll();
        http.addFilter(new AuthenticationFilter());
        http.addFilterBefore(new AuthorizationFilter() , AuthenticationFilter.class);


       //拦截所有请求
       http.authorizeRequests()
               .antMatchers("/login").permitAll()
               .anyRequest().access("@authService.hasPermission(request,authentication)");


    }


    @Bean("passwordEncoder")
    public PasswordEncoder getPasswordEncoder(){
        return  new BCryptPasswordEncoder();
    }


}
